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Applicant: Francois CUNCHON et al. 

International 

Application No.: PCT/FR00/03230 
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Filing Date: 21 November 2000 

U.S. Serial No.: To be Assigned 
U.S. Filing Date: July 23, 2001 

For: COMPUTER DEVICE FOR MAKING SECURE 

MESSAGES AT A NETWORK LAYER 

McLean, Virginia 

PRELIMINARY AMENDMENT 

Honorable Commissioner of Patents 

and Trademarks 
Washington, D.C. 20231 

Sir: 

Please amend the subject application, filed concurrently herewith, as 
indicated below: 
IN THE TITLE: 

Please cancel the title in its entirety and substitute the following new 

title: 

-- COMPUTING DEVICE FOR SECURING MESSAGES IN A NETWORK 
LAYER— 

Page 1 , after the title and before the first paragraph, insert the 
following title at the left-hand margin: 
-FIELD OF THE INVENTION-: 
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Page 1 , at line 6, before the send paragraph, insert the following 
heading at the left-hand margin: 
- DESCRIPTION OF RELATED ART -; 

Page 1 , at line 30, before the paragraph beginning "The subject of 
the...", insert the following heading at the left-hand margin: 
- SUMMARY OF THE INVENTION -; 

Page 2, at line 18, before the paragraph beginning "A description...", 
insert the following heading: 
- BRIEF DESCRIPTION OF THE DRAWINGS -; 

Page 3, at line 1 , before the first paragraph, insert the following 
paragraph at the left-hand margin: 

- DESCRIPTION OF THE PREFERRED EMBODIMENT(S) -; 

Please delete the paragraph on page 3, beginning at line 1 and ending 
at line 1 1 , in its entirety, and insert the following paragraph. The changes that 
were made in the paragraph are shown by underlining and bracketing in an 
attachment to this Preliminary Amendment: 
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--Referring to Fig. 1 , a computing device 67 is physically linked to a 
first private network 69 and a computing device 68 is physically linked to a 
second private network 70. Messages can circulate in complete confidentiality 
through each of the private networks 69 and 70, insofar as no intrusion can 
be accomplished from outside these networks. However, if the device 67 
sends a message to the device 68 using services of a public network 71 , 
confidentiality is not assured without taking particular precautions. The public 
network 71 is for example the network known as the Internet, often 
represented in the form of a cloud in literature. The public network 71 
comprises several networks 72, 73, interconnected by means of computing 
devices such as a computing device 65, not controlled by the devices 
67, 68.-- 
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Page 13, after line 28, insert the following new paragraph: 
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--While this invention has been described in conjunction with specific 
embodiments thereof, it is evident that many alternatives, modifications and 
variations will be apparent to those skilled in the art. Accordingly, the 
preferred embodiments of the invention as set forth herein, are intended to be 
illustrative, not limiting. Various changes may be made without departing 
from the true spirit and full scope of the invention as set forth herein and 
defined in the claims. — 
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IN THE CLAIMS : 

Please cancel claims 1 - 5 in their entirety and insert the following new 

claims: 
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1 --6. A computing device (1) comprising a memory (2) and a network 

2 security layer (9) for applying a securing operation upon presentation of a 

3 message (M1) in the memory (2); 

4 - the network security layer (9) having an initial state (12) adapted to be 

5 switched to a first state (25) that saves an execution context (CE) in an area 

6 (52) of the memory (2) upon presentation of the message (M1); 

7 - the network security layer having a second state (33) and adapted to 



8 be switched to the second state to call a first function (F9) for processing the 

9 message (M1), passing as parameters of said first function (F9), at least an 

10 address (@F13) of a second function (F13) and a pointer PZS(M1) to the 

11 area (52) of the memory (2), the network security layer being switched to its 

12 second state (33) upon saving of the execution context (CE); 



13 - the network security layer being immediately switched back to the 

14 initial state (12) upon an acknowledgement of the first function (F9) before the 

15 processing of the message (M1 ); 

16 - the network security layer (9) having a third state (56) and adapted to 

17 be switched from the initial state (12) to the third state (56) for restoring the 

18 execution context (CE) after which the network security layer (9) is switched 

19 back to the initial state in response to a jump to the address (@F13) of the 
2 0 second function. 



1 7. A computing device (1) according to claim 6, further comprising 

2 several chained pointers PZS(M1), PZS(M'1) adapted to be restored at the 

3 time of the jump to said address (@F13). 
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1 8. A computing device (1 ) according to claim 6, wherein the call of 

2 the first function (F9) passes as a parameter a correlation variable (VC1) 

3 restored at the time of the jump to the address (@ F1 3). 

1 9. A computing device (1) according to claim 7, wherein the call of 

2 the first function (F9) passes as a parameter a correlation variable (VC1) 

3 restored at the time of the jump to the address (@F13). 

1 1 0. A method for creating code for a fast network security layer (9) 

2 from the code of a standard network security layer in a kernel layer (6) of a 

3 computing device (1), comprising: 

4 - a first step for modifying, in the code of said standard network 



5 security layer, a first code sequence adapted to be activated by the 

6 presentation of a message to which a securing operation is to be applied, by 

7 inserting into the first sequence, before calling a first securing function (F1), a 

8 second code sequence, 



9 - beginning the second code sequence by saving a current execution 

10 context (CE) when the first sequence is executed, and 

11 - making a call to a second securing function (F9), 

12 -ending the second code sequence with a first jump to the end of the 

13 first code sequence; 

14 - a second step for generating a third code sequence of a third function 

15 (F13) by copying said first modified code sequence, and then inserting said 

16 third code sequence into said first modified code sequence, and 

17 - restoring the saved execution context (CE) by a fourth code 
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18 sequence after a call to the first function (F1) with a second jump to said 

19 fourth code sequence at the start of the third sequence. 



1 1 1 . A method for obtaining a first secure message from a second 

2 message, by means of a computing device (1) comprising a network security 

3 layer (9) to which said second message is presented, characterized in that it 

4 comprises: 

5 - saving an execution context of the network security layer after the 

6 presentation of said second message; 

7 - sending a request for a securing operation by the network security 

8 layer to an element outside the network security layer; 

9 - immediately acknowledging by said external element said request so 

10 as to place the network security layer in an initial state that does not use any 

11 resources of the computing device (1); and 

12 - presenting the message secured by the securing operation that 

13 results from said request to activate a restoration of the saved execution 

14 context in the network security layer by said external element.-- 
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IN THE ABSTRACT: 

Please delete the Abstract at page 1 6 in its entirety and substitute the 
following new Abstract. 
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» ABSTRACT 

A computing device (1) comprising a memory (2) and a network security 
layer (9) for applying a securing operation upon presentation of a message (M1) 
in the memory (2) is characterized in that: 

- the presentation of the message (M1) switches the network security 
layer (9) from an initial state (12) to a first state (25) that saves an execution 
context (CE) in an area (52) of the memory (2); 

- the saving of the execution context (CE) switches the network security 
layer from the first state (25) to a second state (33) that calls a first function (F9) 
for processing the message (M1), passing as parameters of said first function 
(F9) at least an address (@F13) of said function (F13) and a pointer PZS(M1) to 
the area (52) of the memory (2); 

- immediately switching the network security layer back to the initial state 
(12) upon an acknowledgement of the first function (F9), before the processing 
of the message (M1), and; 

- switching the network security layer (9) from the initial state (12) to a 
third state (56) that restores the execution context (CE) before switching the 
network security layer (9) back to the initial state upon a jump to the address 
(@F13) of a second function.-- 
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REMARKS 



This Preliminary Amendment is filed to insert headings to conform the 
application to U.S. practice, to eliminate the use of multiple dependent claims, 
and to correct informalities in the specification, claims and abstract resulting 
from a literal translation of the French text. 

Early action on the merits is earnestly solicited. 



Respectfully submitted, 



MILES & STOCKBRIDGE P.C. 



Date: July 23. 2001 




Edward J. Kpfldracki 
Registration No. 20,604 



1751 Pinnacle Drive - Suite 500 
McLean, VA 22102-3833 
Tel.: 703/903-9000 
Fax: 703/610-8686 
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Paragraph on page 3, beginning at line 1 and ending at line 11, showing 
changes that were made by underlining and bracketing: 

-Referring to Fig. 1 , a computing device 67 is physically linked to a 
first private network 69 and a computing device 68 is physically linked to a 
second private network 70. Messages can circulate in complete confidentiality 
through each of the private networks 69 and 70, insofar as no intrusion can 
be accomplished from outside these networks. However, if the device 67 
sends [an] a message to the device 68 using services of a public network 71 , 
confidentiality is not assured without taking particular precautions. The public 
network 71 is for example the network known as the Internet, often 
represented in the form of a cloud in [the] literature. The public network 71 
comprises several networks 72, 73, interconnected by means of computing 
devices such as a computing device 65, not controlled by the devices 
67, 68.-- 
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COMPUTER DEVICE FOR MAKING SECURE MESSAGES AT A 

NETWORK LAYER 



The field of the invention is that of computer networks, and more particularly 

5 that of securing the routing of messages in these networks. 

A public network like the Internet makes it possible to interconnect many 
private networks linked by access points and routers that route the messages. Ease of 
access to such a network is an advantage for the free flow of ideas and information, 
but it is also a disadvantage for the confidentiality of certain information. That is why 

10 it is necessary to secure certain messages so that the recipient alone can understand 
them, and can be sure of their origins and/or their integrity. 

A message securing operation is possible in various communication layers of a 
computing device. For example, in a user layer, an application such as http, ftp or 
mail can be responsible for performing encryption and decryption, and signature and 

15 authentication operations. Generally, the message is only available in the user layer of 
the initial sender and the final recipient. 

According to the prior art, it is possible to provide for the securing operation 
to be performed in a network layer, wherein a network security layer such as Ipsec 
handles the securing operation at the very level as the routing of the messages. This 

20 makes it possible to create virtual private networks, which use the resources of the 
public network by means of a known tunnel effect. The network layer is generally 
considered to be a communication resource of a computing device. The 
implementation of the network security later resulting from this consideration in the 
kernel layer of an operating system of the computing device relieves the user layer of 

25 the securing operations. 

However, some securing operations are long because they apply numerous 
calculations to the content of a message to be secured. The operating system's wait for 
the return of a function that gives the result of the operation has the disadvantage of 
inhibiting the computing device. 

30 The subject of the invention is a computing device comprising a memory and 

a network security layer for applying a securing operation upon presentation of a 
message in the memory. In order to eliminate the disadvantage mentioned above, the 
computing device is characterized in that: 

- the presentation of the message switches the network security layer from an 

35 initial state to a first state that saves an execution context in an area of the memory; 



- the saving of the execution context switches the network security layer from 
the first state to a second state that calls a first function for processing the message, 
passing as parameters of said first function at least an address of a second function 
and a pointer to the area of the memory; 

5 - an acknowledgement of the first function before the processing of the 

message immediately switches the network security layer back to the initial state; 

- a jump to the address of the second function after the processing of the 
message switches the network security layer from the initial state to a third state that 
restores the execution context before switching the network security layer back to the 

10 initial state. 

In the initial state, the network security layer does not use any resources of the 
computing device. The return of the network security layer to its initial state without 
having to wait for the end of the processing of the message avoids inhibiting the 
computing device. The saving of the execution context makesdt possible, at the end of 

15 the processing of the message, to return the network security layer to the context in 
which it was found before the operation began. Thus, the message securing operation 
is performed asynchronously. 

A description of a particular embodiment of the invention follows, in reference 
to the figures, in which: 

20 - Fig. 1 represents a secure network architecture; 

- Fig. 2 represents a computing device for processing messages; 

- Fig. 3 represents the essential stages of a secure operation layer, in the form 
of a machine with a finite number of states according to the prior art; 

- Figs. 4 and 5 represent the essential stages of a secure operation layer in the 
25 form of a machine with a finite number of states according to the invention; 

- Fig. 6 represents the essential stages of a hardware processing card driver in 
the form of a machine with a finite number of states for implementing the machine 
according to Figs. 3 and 4; 

- Fig. 7 represents an architecture of save areas in memory; 

30 - Fig. 8 presents a first step of a method for creating code for a network 

security layer; 

- Fig. 9 presents a second step of the method for creating code for a network 
security layer; 

- Fig. 10 presents a method for producing secure messages. 
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Referring to Fig. 1, a computing device 67 is physically linked to a first 
private network 69 and a computing device 68 is physically linked to a second private 
network 70. Messages can circulate in complete confidentiality through each of the 
private networks 69 and 70, insofar as no intrusion can be accomplished from outside 

5 these networks. However, if the device 67 sends an message to the device 68 using 
services of a public network 71, confidentiality is not assured without taking 
particular precautions. The public network 71 is for example the network known as 
the Internet, often represented in the form of a cloud in the literature. The public 
network 71 comprises several networks 72, 73, interconnected by means of 

10 computing devices such as a computing device 65, not controlled by the devices 67, 
68. 

The private network 69 is linked to the public network 71 by a computing 
device 66 and the private network 70 is linked to the public network 7 1 by a 
computing device 1 . The computing devices 1 and 66 are called gateways in the rest 

15 of the description. Each computing device 1, 65, 66, 67, 68 traditionally includes a 
network layer using a communication protocol such as the known protocol IP, 
surmounted by a transport layer using a protocol such as the known protocol TCP, 
UDP or the like, in turn surmounted by an application layer such as http, ftp or the 
like, which send and receive messages. If a message passes through the TCP layer, 

20 then the DP layer in the device 67 and passes through the IP layer, then the TCP layer 
in the device 68, the routing of the message through the public network 71 normally 
stays within the IP layers of the devices 66, 65, 1. 

However, the device 65 can facilitate an alien intrusion into the networks 72, 
73, with the danger of intercepting the message in order to read, modify or even 

25 generate a message, by passing itself off as the device 67. One solution consists of 
encrypting and/or signing the message in the IP layer of the gateway 66, as it leaves 
the interconnecting network 72, then decrypting the message in the IP layer of the 
gateway 1, as it enters the interconnecting network 73. A solution known as Ipsec thus 
makes it possible to create a tunnel 74, which passes through the public network 71 in 

30 such a way as to create a virtual private network usable by the devices 67 and 68. 

Referring to Fig, 2, a computing device 1 comprises a memory 2, one or more 
network access cards 3 and one or more cryptographic cards 4. The network access 
card 3 is designed to be connected to one or more physical links, not represented. The 
memory 2, of a known type such as a RAM, is designed to contain data and 

35 processing programs of the computing device 1. The network access card 3 is of a 



known type, such as for example ethernet, for receiving and sending messages that 
flow through a computer network. The cryptographic card 4 is designed to encode and 
decode secure messages using dedicated hardware circuits that implement encryption 
algorithms of a known type, such as for example TripleDES. The dedicated hardware 
5 circuits, not represented, allow for a faster encoding and decoding operation than 
programs that are purely software. These circuits are not the subject of the present 
invention. 

The memory 1 comprises data and programs of a user layer 5 and a kernel 
layer 6. The user layer 5 is a known type for executing applications, such as client or 

10 server applications on the Internet like http, www, telnet or others. The kernel layer 6 
is designed to contain data structures and primitive functions of an operating system, 
such as for example the known UNIX operating system. 

The kernel layer 6 comprises a network layer 7 and a driver 8. The network 
layer 7 is designed to execute network protocols, such as for example the IP protocol. 

15 The network layer 7 comprises a security layer 9 designed to execute secure 

communication protocols, such as for example Ipsec. The driver 8 is designed to 
control the cryptographic card 4, essentially at the request of the security layer 9. 

Referring to Fig. 3, in an initial state 12, the network security layer 9 does not 
consume any resources of the system. Upon detection of a message to be secured, a 

20 transition 13, 14, 15, 16 switches the network security layer, respectively, into a state 
17, 18, 19, 20, which calls a function Fl, F2, F3, F4 for processing the message. At 
the return of the called function Fl, F2, F3, F4, a transition 21, 22, 23, 24, indicating 
that the message has been processed, switches the network security layer 9 back to the 
initial state 12, thus freeing up the system resources required by the network security 

25 layer 9. 

The transition 13 corresponds to the detection of a message Ml to be 
decrypted. The function Fl called is a function of the driver 8 that commands the 
cryptographic card 4 to decode the message. The cryptographic card is equipped with 
the algorithm and the keys required for decrypting the message. For example, in the 

30 case of the TripleDES algorithm, the cryptographic card uses the secret key to decode 
the message. When the cryptographic card 4 has finished decrypting the message, the 
driver 8 validates the transition 21, again making the message Ml available to the 
network security layer 9. 

The transition 14 corresponds to the detection of a message M2 to be 

35 authenticated. The function F2 called is a function of the driver 8 that commands the 



cryptographic card 4 to authenticate the message. The cryptographic card is equipped 
with the algorithm and the keys required for authenticating the message. For example, 
in the case of the HMAC-SHA1 algorithm, the cryptographic card uses the secret key 
to verify the signature of the gateway 66. When the cryptographic card 4 has finished 

5 authenticating the message, the driver 8 validates the transition 22, again making the 
message M2 available to the network security layer 9. 

The transition 15 corresponds to the detection of a message M4 to be signed. 
The function F4 called is a function of the driver 8 that commands the cryptographic 
card 4 to sign the message. The cryptographic card is equipped with the algorithm and 

10 the keys required for signing the message. For example, in the case of the HMAC- 
SHA1 algorithm, the cryptographic card uses the secret key to generate its signature. 
When the cryptographic card 4 has finished signing the message, the driver 8 
validates the transition 21, again making the message M4 available to the network 
security layer 9. 

15 The transition 16 corresponds to the detection of a message M3 to be 

encrypted. The function F3 called is a function of the driver 8 that commands the 
cryptographic card 4 to encrypt the message. The cryptographic card is equipped with 
the algorithm and the keys required for encrypting the message. For example, in the 
case of the TripleDES algorithm, the cryptographic card uses the secret key to encode 

20 the message. When the cryptographic card 4 has finished encrypting the message, the 
driver 8 validates the transition 24, again making the message M3 available to the 
network security layer 9. 

The disadvantage of the prior art described herein in reference to Fig. 3 is that 
the processing of the message has to be finished to allow the network security layer 9 

25 to return to the initial state 12 and to free up the resources of the system, or to make it 
available for a subsequent processing of another or the same message. In essence, a 
message that is presented, for example the message Ml to be decrypted, can be 
presented as a message M2 to be authenticated after having been decrypted. All of the 
combinations are possible. The encryption and decryption operations are particularly 

30 long, and may even be performed by means of hardware circuits. 

Referring to Fig. 4, in an initial state 12, the network security layer 9 does not 
consume any resources of the system. Upon detection of a message Ml, M2, M4, M3 
to which a security operation is to be applied, a transition 13, 14, 15, 16 switches the 
network security layer to a respective state 25,26, 27, 28, which activates a sequence 

35 F5, F6, F7, F8 for saving the current execution context CE. At the end of the sequence 



F5, F6, F7, F8, a transition 29, 30, 31, 32 is validated by a pointer value PZS(Ml), 
PZS(M2), PZS(M4), PZS(M3) in a save area resulting from the preceding state 25, 
26, 27, 28. 

The security operations - decryption operations downstream from the 

5 transition 13, authentication downstream from the transition 14, signature downstream 
from the transition 15, and encryption downstream from the transition 16 - are 
considered as non-limiting examples in reference to Figs. 3 and 4, comparatively to 
Fig. 3. The teaching of the invention is also valid for any other operation such as 
message digesting or message compression. 

10 Each save sequence F5, F6, F7, F8 is specific to the operation to be performed 

for each type of message Ml, M2, M4, M3. The sequence F5 F6, F7, F8 essentially 
consists of saving the current execution context CE in a storage area. The current 
execution context CE is constituted by local and global variables that are used by the 
network security layer 9 to process the message, such as the security characteristics of 

15 the message, and the protocols and keys to be used. The start of the storage area is 
marked by a pointer PZS(Ml), PZS(M2), PZS(M4), PZS(M3) so that the execution 
context CE linked to the processing of the message Ml, M2, M4, M3 can 
subsequently be restored. 

When the sequence F5 has finished saving the execution context CE, the 

20 transition 29 switches the network security layer 9 to a state 33, which performs a call 
to a function F9 executed by the driver 8 in order to command the card 4 to decrypt 
the message ML The function F9 passes as parameters a so-called function return 
address @F13, a so-called correlation variable VC1, and the value of the pointer 
PZS(Ml). 

25 A transition 37 is validated by an acknowledgement of the function F9, 

returned by the driver 8. The transition 37 switches the network security layer 9 back 
to its initial state 12. 

When the sequence F6 has finished saving the execution context CE, the 
transition 30 switches the network security layer 9 to a state 34 that performs a call to 

30 a function F10 executed by the driver 8 in order to command the card 4 to 

authenticate the message M2. The function F10 passes as parameters a so-called 
function return address @F14, a so-called correlation variable VC2, and the value of 
the pointer PZS(M2). 



6 



1 * K r 

A transition 38 is validated by an acknowledgement of the function F10 
returned by the driver 8. The transition 38 switches the network security layer 9 back 
to its initial state 12. 

When the sequence F7 has finished saving the execution context CE, the 
5 transition 31 switches the network security layer 9 to a state 35 that performs a call to 
a function Fl 1, executed by the driver 8 in order to command the card 4 to sign the 
message M4. The function Fl 1 passes as parameters a so-called function return 
address @F15, a so-called correlation variable VC4, and the value of the pointer 
PZS(M4). 

10 A transition 39 is validated by an acknowledgement of the function Fl 1, 

returned by the driver 8, The transition 39 switches the network security layer 9 back 
to its initial state 12. 

When the sequence F8 has finished saving the execution context CE, the 
transition 32 switches the network security layer 9 to a state 36 that performs a call to 

15 a function F12, executed by the driver 8 in order to command the card 4 to sign the 
message M3. The function F12 passes as parameters a so-called function return 
address @F16, a so-called correlation variable VC3, and the value of the pointer 
PZS(M3). 

A transition 40 is validated by an acknowledgement of the function F12, 

20 returned by the driver 8. The transition 40 switches the network security layer 9 back 
to its initial state 12. 

Fig. 6 presents the states and transitions of the cryptography card driver 8 that 
are specifically adapted for interfacing with the states and transitions of the network 
security layer 9 according to the invention, in reference to Figs. 3 and 4. Other states 

25 of the driver, applicable to the control of the card 4, are not described herein, as those 
other states are beyond the scope of the present invention. The states described are the 
ones that correspond to the encryption and decryption operations. The resulting 
teaching is applicable to authentication, signature, or to any other securing operation 
such as message digesting by means of the hardware card 4. 

30 In an initial state 41, the driver 8 does not use any resources of the system. A 

transition 42 is activated by a call of the function F9, performed in the state 33 of the 
network security layer 9. A transition 43 is activated by a call of the function F12, 
performed in the state 36 of the network security layer 9. 

The transition 42 switches the driver 8 to a state 44. In the state 44, the driver 

35 8 immediately sends an acknowledgement Ack(F9) that validates the transition 37 and 



activates the card 4 in order to perform a hardware decryption operation on the 
message Ml. The card 4 then processes the message Ml. As soon as the card 4 is 
activated, a transition 46 switches the driver back to the initial state 41, which makes 
it available to handle other requests for processing by the network security layer 9. 

When the card 4 has finished decrypting the message Ml, a transition 48 
switches the driver to a state 50. In the state 50, the driver performs a jump to the 
function return address @F13 by communicating the pointer PZS(Ml) given 
previously in the state 33 of the network security layer. The driver also enters into the 
correlation variable VC1 the coordinates at which the message Ml decrypted by the 
card 4 is available. The driver then returns to its initial state 41. 

The transition 43 switches the driver 8 to a state 45. In the state 45, the driver 
8 immediately sends an acknowledgement Ack(F12), which validates the transition 40 
and activates the card 4 in order to perform a hardware operation for encrypting the 
message M3. The card 4 then processes the message M3. As soon as the card 4 is 
activated, a transition 47 switches the driver back to the initial state 41, which makes 
it available to handle other requests for processing by the network security layer 9. 

When the card 4 has finished encrypting the message M3, a transition 49 
switches the driver to a state 51. In the state 51, the driver performs a jump to the 
function return address @F16 by communicating the pointer PZS(M3) given 
previously in the state 36 of the network security layer. The driver also enters into the 
correlation variable VC3 the coordinates at which the message M3 encrypted by the 
card 4 is available. The driver then returns to its initial state 41. 

Referring to Fig. 5, a transition 52 switches the network security layer from 
the initial state 12 to a state 56, a transition 53 switches the network security layer 
from the initial state 12 to a state 57, a transition 54 switches the network security 
layer from the initial state 12 to a state 58, and a transition 55 switches the network 
security layer from the initial state 12 to a state 59. 

The transition 52 is validated by the jump to the address @F13 and the 
communication of the pointer PZS(Ml) performed in the state 50. In the state 56, the 
network security layer 9 restores the execution context saved in the storage area 
pointed to by PZS(Ml). The network security layer 9 thus returns to the configuration 
it had when it was in the state 25 for the message Ml when the message Ml was not 
decrypted. However, now that the message is decrypted, the correlation variable VC1 
immediately validates a transition 60 that returns the network security layer to its 
initial state 12. The correlation variable VC1 makes the message Ml available to the 
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network security layer 9 in order to make other functions of the network layer 
available or to present the processed message Ml as a message of the M2, M3, M4 
type for another operation. In order to make the message Ml available to the network 
security layer 9, the value of the correlation variable VC1 is for example a value that 

5 makes it possible to resume execution at an appropriate place. 

The transition 55 is validated by the jump to the address @F16 and the 
communication of the pointer PZS(M3), performed in the state 51. In the state 59, the 
network security layer 9 restores the execution context saved in the storage area 
pointed to by PZS(M3). The network security layer 9 thus returns to the 

10 configuration it had when it was in the state 28 for the message M3 when the message 
M3 was not encrypted. However, now that the message is encrypted, the correlation 
variable VC3 immediately validates a transition 64, which returns the network 
security layer to its initial state 12. The correlation variable VC3 makes the message 
M3 available to the network security layer 9 in order to make other functions of the 

15 network layer 7 available or to present the processed message M3 as a message of the 
M2, Ml, M4 type for another operation. 

Likewise, the transition 53 is validated by the jump to the address @F14 and 
the communication of the pointer PZS(M2) performed in a non-represented state of 
the driver 8. In the state 57, the network security layer 9 restores the execution context 

20 saved in the storage area pointed to by PZS(M2). The network security layer 9 thus 
returns to the configuration it had when it was in the state 26 for the message M2 
when the message M2 was not authenticated. However, now that the message is 
authenticated, the correlation variable VC2 immediately validates a transition 62, 
which returns the network security layer to its initial state 12. The correlation variable 

25 VC2 makes the message M2 available to the network security layer 9 in order to make 
other functions of the network layer 7 available or to present the processed message 
M2 as a message of the Ml, M3, M4 type for another operation. 

Likewise, the transition 54 is validated by the type to the address @F15 and 
the communication of the pointer PZS(M4) performed in a non-represented state of 

30 the driver 8. Li the state 58, the network security layer 9 restores the execution context 
saved in the storage area pointed to by PZS(M4). The network security layer 9 thus 
returns to the configuration it had when it was in the state 27 for the message M4 
when the message M2 was not signed. However, now that the message is signed, the 
correlation variable VC4 immediately validates a transition 63, which returns the 

35 network security layer to its initial state 12. The correlation variable VC4 makes the 



message M4 available to the network security layer 9 in order to make other functions 
of the network layer 7 available or to present the processed message M4 as a message 
of the Ml, M3, M2 type for another operation. 

In Fig. 2 , we take a path 10 of an encrypted message Ml from the network 
5 card 3 to the cryptographic card 4, followed by a path 1 1 of the decrypted message 
Ml from the card 4 to the memory 2 for its presentation, for example, to the user layer 
5, 

When the message Ml coming from the card 3 is transmitted to the memory 2 
on the ascending branch of the path 10, its presentation to the network security layer 9 
10 validates the transition 13, The network security layer 9 is only in the state 25 for a 
short time, since the saving of the execution context is a relatively fast operation. 
After the state 25 ? the network security layer 9 is only in the state 33 for a short time, 
jff since the state 44 of the driver 8 sends the acknowledgement Ack(F9) immediately 

fn after the call of the function F9 without waiting until the message Ml is decrypted. 

15 The network security layer 9 then quickly returns to its initial state 12. This prevents 
tH the system from being inhibited during the operation for decrypting the message Ml, 

J since this operation is handled by the card 4 asynchronously. Furthermore, it has the 

Q advantage of quickly making the network security layer available again for the 

ri j presentation of another message to be processed. 

:ff 20 When the message Ml is stored in decrypted form by the card 4 in memory 2 

U on a first ascending branch of the path 1 1 , the state 50 of the driver 8 validates the 

transition 52 of the network security layer 9. The network security layer 9 is only in 
the resulting state 56 for a short time, since the restoration of the execution context 
CE is a relatively fast operation. After the restoration of the context CE, the transition 
25 21 quickly returns the network security layer 9 to the initial state 12, since the 
correlation value VC1 immediately makes the message Ml in decrypted form 
available to the network security layer 9 so that it can be retransmitted, in the case of 
Fig. 2, to the user layer 5 via a second ascending branch of the path 1 h Thus, the 
decryption time of the message Ml is totally transparent for the network security 
30 layer 9, activated only a short time after the presentation of the message Ml to be 
decrypted, then reactivated only a short time after the presentation of the decrypted 
message Ml. The paths 10 and 11 of Fig. 2 are symbolic, and simply illustrate the 
advantages of the invention. One skilled in the art would also know that one or more 
layers could separate the network layer 7 from the user layer 5, such as a transport 
35 layer of the known TCP type, not represented in order not to unnecessarily 
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overcomplicate Fig. 2. Furthermore, the path 1 1 could also be redirected to the card 3 
by the network layer 7 or back to the card 4 for a subsequent operation. 

Since the network layer 6 is not inhibited while waiting for the processing of a 
message to end, it is advantageous to provide for other messages that are presented to 
5 the network security layer 9 be handled while a first message has not yet finished 
being processed. 

Referring to Fig. 7, while the message Ml is handled by the card 4 in order to 
be decrypted, the pointer PZS(Ml) has the value of a word 56 that contains a start 
address of an area 52 of the memory 2. The area 52 contains the execution context CE 

10 that the network security layer had when it was in the state 25 for the message Ml. A 
word 55 is designed to contain an address that follows a last address of the area 52. 
Thus, the word 55 defines a pointer PZL to an available area in a subsequent 
executing context save area 53. 

When another message M' 1 is presented to the network security layer 7, the 

15 value of the word 55 is transferred into a word 57 so as to define a new pointer 

PZS(M' 1) at the beginning of the area 53 in which the execution context CE is saved 
when the network security layer is in the state 25 for the message M' 1 . The word 55 
therefore contains an address that follows a last address of the area 53. The word 55 
defines a pointer PZL to an available area in a subsequent execution context save area 

20 54, available for the execution context CE linked to a new message M"L This process 
is repeated for any new message in order to chain the saving of execution contexts 
CE. 

After a restoration of an execution context CE in the state 56 of the network 

security layer, the start address of the released save area is taken to be the address that 

25 follows the last save area occupied, using a standard chaining mechanism. 

It is possible to use a data structure similar to that just described, distinct for 

each of the states 25, 26, 27, 28 of the network security layer, or common to all the 

states 25, 26, 27, 28, in which case the words 56, 57 can contain a PZS(Ml), 

PZS(M2), PZS(M3), PZS(M4) for any one of these states. 

30 The network security layer can be programmed in various ways in order to 

implement the states described above. One method for creating code for the network 

security layer 9 from a standard network security layer such as for example the Ipsec 

layer of LINUX, essentially comprises two steps. 

The first step is explained in reference to Fig. 8. In the kernel layer 6 of the 

35 computing device 1, a first code sequence 75 is designed to be activated by the 
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presentation of a message Ml, M2, M3 or M4 to which a securing operation - 
encryption, authentication, encryption or signature - is to be applied. In the standard 
network security layer, the code sequence 75 is constituted by several lines of 
standard code which are not the subject of the present invention. At this stage, there is 
5 only a line 76 and a last line of the sequence 75, indicated by an End indicator. The 
line 76 contains a call to the standard securing operation function, for example the 
first function Fl if the code sequence 75 is the one activated by the presentation of the 
message ML 

The first code sequence 75 is modified by inserting, ahead of line 75, a second 
10 code sequence 77. The code sequence 77 begins with one or more lines F5(CE), 

which save the current execution context CE when the first sequence is activated, i.e. 

essentially the values of the local and global variables used in the code sequence 75. 

The save code therefore consists in the writing of values of these variables into an 

area of the memory 2, indicated by the pointer PZS(Ml). 
15 After the lines F5(CE), the sequence 77 contains the code for calling a second 

security function, for example the function F9(@F13, VC1, PZS(Ml)) in the case 

described here. The second function is designed to be executed by the driver 8. The 

parameters passed are essentially a function address @F13 and the pointer PZS to the 

save area. 

20 The code sequence 77 ends in a jump to the last line of the code sequence 75 

of the "Goto End" type. 

The second step is explained in reference to Fig. 9. The first code sequence 75 
is copied so as to generate a third code sequence 78, taken to be the code of the 
function F13 whose address @F13 is indicated by a pointer 81. A fourth code 

25 sequence 80 is inserted after the line 76 of the sequence 78. The sequence 80 is 

indicated by a label and contains start of the sequence 78. The line 79 contains a jump 
instruction "Goto Label" to the code sequence 80. 

The network security layer (9) obtained by means of the method described 
above, is faster than the original standard network security layer. In essence, in the 

30 standard security layer, the execution of the unmodified sequence 75 takes place in 
the following way. The standard code instructions that precede the line 76 are 
executed. The line 76 executes a call to the standard processing function Fl. The 
standard code instructions that follow the line 76 are executed after the return of the 
function Fl, which indicates the end of the processing of the message. But a 
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cryptographic operation is intrinsically long. This has the effect of slowing down the 
wait for the execution of the last line "End" of the unmodified sequence 75. 

In the network security layer obtained by means of the method, the execution 
of the modified sequence 75 takes place in the following way. The standard code 

5 instructions that precede the line 76 and the sequence 77 are executed. The line 76 and 
the subsequent lines of the sequence 75 are never executed because of the first jump 
to the last line of the sequence 75. The first jump is performed quickly because the 
function F9 immediately sends an acknowledgement before the message is finished 
being processed. When the processing of the message is finished, the driver 8 triggers 

10 an execution of the code sequence 78 by means of the address @F13. The code line 
76 and the code lines of the sequence 78 that precede it are never executed because of 
the jump at the start of the sequence 78 to the sequence 80, which allows the 
execution of the subsequent lines of code, thus masking the processing time of the 
message. 

15 The computing device just described makes it possible to implement a method 

for maintaining a secure message from another message. 

Referring to Fig. 10, upon presentation of said other message to the network 
security layer, in a first step 82, the current execution context is saved. This step is 
performed in one of the states 25, 26, 27, 28 of the layer 9. In a second step 83, a 

20 request for a securing operation is sent from the layer 9, in one of the states 33, 34, 35, 
36, to an element outside the layer 9, so that the layer 9 is returned to its initial state, 
which does not use any resources of the device. Steps 82 and 83 are implemented by 
means of the sequence 77. After the external element has processed said other 
message, the saved context is restored in a step 84 in order to produce the secure 

25 message. 

This method has the advantage of being able to produce secure messages in 
large numbers, since step 84 can be activated after several successive activations of 
the steps 82, 83 for different messages 
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CLAIMS 

1 1 . Computing device (1) comprising a memory (2) and a network security 

2 layer (9) for applying a securing operation upon presentation of a message (Ml) in the 

3 memory (2), characterized in that: 

4 - the presentation of the message (Ml) switches the network security layer (9) 

5 from an initial state (12) to a first state (25) that saves an execution context (CE) in an 

6 area (52) of the memory (2); 

7 - the saving of the execution context (CE) switches the network security layer 

8 from the first state (25) to a second state (33) that calls a first function (F9) for 

9 processing the message (Ml), passing as parameters of said first function (F9), at least 

10 an address (@F13) of a second function (F13) and a pointer PZS(Ml) to the area (52) 

1 1 of the memory (2); 

12 - an acknowledgement of the first function (F9) before the processing of the 

13 message (Ml) immediately switches the network security layer back to the initial state 

14 (12); 

15 - a jump to the address (@F13) of the second function switches the network 

16 security layer (9) from the initial state (12) to a third state (56) that restores the 

17 execution context (CE) before switching the network security layer (9) back to the 

18 initial state. 

1 2. Computing device (1) according to claim 1, characterized in that 

2 several pointers PZS(Ml), PZS(M' 1) are chained so that they can be restored at the 

3 time of the jump to said address (@F13). 

1 3. Computing device (1) according to claim 1 or 2, characterized in that 

2 the call of the first function (F9) passes as a parameter a correlation variable (VC1) 

3 restored at the time of the jump to the address (@F13). 

1 4. Method for creating code for a fast network security layer (9) from the 

2 code of a standard network security layer in a kernel layer (6) of a computing device 

3 (1), characterized in that it comprises: 

4 - a first step for modifying, in the code of said standard layer, a first code sequence 

5 designed to be activated by the presentation of a message to which a securing 
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6 operation is to be applied, by inserting into the first sequence, before calling a first 

7 securing function (Fl), a second code sequence that: 

8 - begins by saving a current execution context (CE) when the first sequence is 

9 executed, 

10 - makes a call to a second securing function (F9), 

1 1 -ends with a first jump to the end of the first code sequence; 

12 - a second step for generating a third code sequence of a third function (F13) by 

13 copying said first modified code sequence, then inserting said third code sequence 

14 into it: 

15 - after the call to the first function (Fl), a fourth code sequence for restoring 

16 the saved execution context (CE), 

17 - at the start of the third sequence, a second jump to said fourth code sequence. 

1 5. Method for obtaining a secure message from another message, by 

2 means of a computing device (1) comprising a network security layer (9) to which 

3 said other message is presented, characterized in that it comprises: 

4 - a first step for saving an execution context of the network security layer after 

5 the presentation of said other message; 

6 - a second step in which the network security layer sends a request for a 

7 securing operation to an element outside the network security layer such that said 

8 external element immediately acknowledges this request in order to place the network 

9 security layer in an initial state that does not use any resources of the computing 

10 device (1); 

11 - a third step in which said external element activates a restoration of the saved 

12 execution context in the network security layer by presenting the message secured by 

13 the securing operation that results from said request. 
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COMPUTER DEVICE FOR MAKING SECURE MESSAGES AT A 

NETWORK LAYER 

5 

The computing device (1) comprising a memory (2) and a network security 
layer (9) for applying a securing operation upon presentation of a message (Ml) in the 
memory (2) is characterized in that: 

- the presentation of the message (Ml) switches the network security layer (9) 
10 from an initial state (12) to a first state (25) that saves an execution context (CE) in an 

area (52) of the memory (2); 

- the saving of the execution context (CE) switches the network security layer 
from the first state (25) to a second state (33) that calls a first function (F9) for 
processing the message (Ml), passing as parameters of said first function (F9) at least 

15 an address (@F13) of said function (F13) and a pointer PZS(Ml) to the area (52) of 
the memory (2); 

- an acknowledgement of the first function (F9), before the processing of the 
message (Ml), immediately switches the network security layer back to the initial 
state (12); 

20 - a jump to the address (@F13) of a second function switches the network 

security layer (9) from the initial state (12) to a third state (56) that restores the 
execution context (CE) before switching the network security layer (9) back to the 
initial state. 

25 Fig. 2 

#9150912 
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En tant qu* inventeur nomme ci-apres f Je declare par ie pre- 
sent acte que; 


As a beiow named inventor, ! hereby declare that; 


Mon nom, mon domicile, mon adresse postale, ma nationality 
sont ceux qui figurent ci-apres, 


My residence, post office address and citizenship are as stated 
beiow next to my name, 


Je declare que je crois etre Hnventeur original, premier et 
unique (si un seul nom figure sur le present acte) ou un des 
f=co-inventeurs, onginaux et premiers (si piusieurs noms fi- 
gurent sur ie present acte) du sujet revendique et pour iiquel 
3-tn brevet est demande sur la base de ('invention intituiee: 

Dispositif informatique pour securiser des 


i believe I am the original, first and sole inventor (if only one 
name is listed below) or an original, first and joint inventor (if 
plural names are listed beiow) of the subject matter which is 
claimed and for which a patent is sought on the invention entitled 


^AJ messages au niveau d'une couche reseau 




a dont la description 

PI (cocher la case correspondante) 


the specification of which 
(check one) 


I Q est annexee au present acte. 


Q is attached hereto. 


Q a ete deposee 


Q was filpri nn as 


Numero de serie de la demande 


Appltrstinn SAriaf Nn 


Pt mnHifiA« Ia . _ .. ... — . 

(si approprie) 


and w*55 amprtrteri nn 

(if applicable) 


Je declare par le present acte avoir examine et compris le 
contenu de la description identiffee ct-dessus, revendications 
y compris, et le cas echeant telle que modiriee par r amend- 
ment cite plus haut. 


I hereby state that i have reviewed and understand the con- 
tents of the above identified specification, including the claims, 
as amended by any amendment referred to above. 


Je reconnals le devoir de divuiguer I'information qui est en 
rapport avec Texamen de cette demande selon Titre 37 du 
Code des Reglements Federaux §1. 56(a). 


t acknowledge the duty to disclose information which is ma- 
tenat to the examination of this application in accordance with 
Title 37, Code of Federal Regulations, § 1.56(a). 
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French Language Declaration 



Je revendique par le present acte !e benefice de priorite 
etrangere seion Titre 35, du Code des Etats-Unis, §119 de 
toute demande de brevet ou d'attestation d'inventeur enu- 
meree ci-apres, et j'ai identifie egalement ci-apres toute de- 
mande etrangere de brevet ou d'attestation d'inventeur ayant 
une date de depot anterieure a celle de la demande pour 
laquelle ia priorite est revendiquee. 



Prior foreign applications 

Demande(s) de brevet anterieure(s) dans un autre pays: 



99 14755 



FRANCE 



23.11.99 



I hereby claim foreign priority benefits under Title 35, United 
States Code, §1 19 of any foreign application(s) for patent or 
inventor's certificate listed below and have also identified 
below any foreign application for patent or inventor's certifi- 
cate having a filing date before that of the application on 
which priority is claimed: 



Priority claimed 



Droit de priorite 
revendique 



(Number) 
(Numero) 



(Country) 
(Pays) 



(Day/Month/Year Filed) 
(Jour/Mois/Annee de depot) 



Yes 
Qui 



Non 



(Number) 
(Numero) 



(Country) 
(Pays) 



(Day/Month/Year Filed) 
(Jour/Mois/Annee de depot) 



Yes 
Qui 



No 
Non 



(Number) 
(Numero) 



(Country) 
(Pays) 



(Day/Month/Year Filed) 
(Jour/Mois/Annee de depot) 



Oui 



Non 



Je revendique par le present acte, le benefice seion Titre 35 
du Code des Etats-Unis, §120 de toute(s) demande(s) ame- 
ricaines enumeree(s) ci-apres et, dans ia mesure ou le sujet 
de chacune des revendications de cette demande n'est pas 
divuigue dans la demande americaine anterieure, de ia fagon 
definie par le premier paragraphe de Titre 35 du Code des 
Etats-Unis, §112, je reconnais !e devoir de divulguer Tinfor- 
mation pertinente seion Titre 37 du Code des Reglements 
Federaux, §1. 56(a), toute information qui se presente entre 
la date de depot de la demande anterieure et la date de depot 
de la demande, soit nationaie, soit Internationale PCT. 



I hereby claim the benefit under Title 35, United States Code, 
§120 of any United States application(s) listed below and, 
insofar as the subject matter of each of the claims of this 
application is not disclosed in the prior United States appli- 
cation in the manner provided by the first paragraph of Title 
35, United States Code, §112, I acknowledge the duty to 
disclose material information as defined in Title 37, Code of 
Federal Regulations, §1 .56(a) which occurred between the 
filing date of the prior application and the national or PCT 
international filing date of this application: 



(Application Serial No.) 
(No. de Demande) 



(Filing Date) 
(Date de Depot) 



(Etat) 
(brevetee, pendante, 
abandonne) 



(Status) 
(patented, pending, 
abandoned) 



(Application Serial No.) (Filing Date) 

(No. de Demande) (Date de Depot) 

Je declare par le present acte que toutes mes declarations, 
a ma connaissance, sont vraies et que toutes les declarations 
faites a partir de renseignements ou de suppositions, sont 
tenues pour etre vraies; de plus, toutes ces declarations ont 
ete faites en sachant que de fausses declarations volontaires 
u autres actes de meme nature sont sanctionees par une 
amende ou un emprisonnement, ou les deux, seion la Section 
1001, du Titre 18 de Code des Etats-Unis et que de selles 
declarations deliberement fausses peuvent compromettre ia 
validite de la demande ou du brevet delivre. 



(Etat) (Status) 
(brevetee, pendante, (patented, pending, 

abandonnee) abandoned) 

I hereby declare that all statements made herein of my own 
knowledge are true and that alt statements made on infor- 
mation and belief are believed to be true; and further that 
these statements were made with the knowledge that willful 
false statements and the tike so made are punishable by fine 
or imprisonment, or both, under Section 1001 of Title 18 of 
the United States Code and that such willful false statements 
may jeopardize the validity of the application or any patent 
issued thereon. 
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French Language Declaration 


POUVOIR: En tant qu'inventeur, je designe l'(Ies) avocat(s) 
et/ou l'(ies) agent(s) suivant(s) pour poursuivre la procedure 
de cette demande et traiter toute affaire la concernant supris 
du Bureau des Brevets et de Marques: 


POWER OF ATTORNEY: As a named inventor, I hereby 
appoint the following attorney(s) and/or agent(s) to prosecute 
this application and transact all business in the Patent and 
Trademark Office connected therewith, (list name and reg- 
istration number) 




Harold L. Stowell, Reg. 17,233 
Edward J. Kondracki, Reg. 20,604 
Dennis P. Clarke, Reg. 22,549 S, 
William L* Feeney, Reg. 29,918 
John C. Kerins, Reg. 32,421 


Harold L. Stowell, Reg. 17,233 
Edward J. Kondracki, Reg. 20,604 
Dennis P. Clarke, Reg. 22,549 
William L. Feeney, Reg. 29,918 
John C. Kerins, Reg. 32,421 


Adresser toure correspondance a: 

Edward J. Kondracki, Esq. 
n KERKAM, STOWELL, KONDRACKI 
:S & CLARKE, P.C. 
m 5203 Leesburg Pike, Suite 600 
5 Falls Church, VA 22041 


Send Correspondence to: 
Edward J. Kondracki, Esq. 
KERKAM, STOWELL, KONDRACKI 

& CLARKE, P.C. 
5203 Leesburg Pike, Suite 600 
Falls Church, VA 22041 


."fijAdresser toute communication telephonique a: 
^INom) (Numero de telephone) 

m Edward J. Kondracki, Esq. 
. m (703) 998-3302 


Direct Telephone Calls to: (name and telephone number) 

Edward J. Kondracki, Esq. 
(703) 998-3302 




Nom compiet du seut ou premier inventeur 

Cunchon Francis p 


Full name of sole or first inventor 




Signature de Hnventeuj^ — JJ ^ f Date 


inventor's signature Date 






Domicile 5 rue Claude^Nicolas Ledoujc 

78114 Mannv les Hameau^ France FR> 


Residence 






Nationaiite 

, Fran?aise 


Citizenship 






Adresse Postale 

5, rue Claude Nicolas Ledoux, 


Post Office Address 






78114 Magny les Hameaux, France 






. <=><= 


Nom compiet du second co-inventeur, le cas echeant 

, Martin Rene 


Full name of second joint inventor, if any 








Second Inventor's signature Date 






^^rue de Gometz, 91440 Bures surY^tt^^ H? 


Residence 






Nationaiite 

Fran?aise 


Citizenship 






Adresse Postale 

32, rue de Gometz, 91440 Bures sur Yvette 


Post Office Address 






h ranee 








___ 

(Fournir les memes renseignements et la signature de tout 
co-inventeur supplemental) 


(Supply similar information and signature for third and sub- 
sequent joint inventors.) 
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French Language Declaration 



Nom complet du troisieme inventeur 
\ ran iviinn Lap i / 


Full name of third joint inventor, if any 


Signature de I'inventeur^b fate 


Inventor's signature Date 


Domicile / ' Ff^x 
18, rue Paul Eiuard, 9536Q Montmaqny. France 


Residence 


Nationalite 
Franpaise 


Citizenship 


Adresse Postale 

18, rue Paul Eiuard, 95360 Montmagny, France 


Post Office Address 






Nom complet du quatrieme inventeur 


Full name of fourth joint inventor, if any 


Signature de Tinventeur Date 


Inventor's signature Date 


Domicile 


Residence 


Nationalite 


Citizenship 


Adresse Postale 


Post Office Address 
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JC18Rec'dPCT/FTO 2 5 JUL 2001 

T21 47-907330-US3876/JMD(PCT) 
IN THE UNITED STATES DESIGNATED/ELECTED OFFICE (D.O./E.O./US) 



Applicant: 

International 
Application No.: 

International 
Filing Date: 

U.S. Serial No.: 

U.S. Filing Date: 

For: 



Francois CUNCHON et al. 

PCT/FROO/03230 

21 November 2000 
To be Assigned 
July 23, 2001 

COMPUTER DEVICE FOR MAKING SECURE 
MESSAGES AT A NETWORK LAYER 



McLean, Virginia 



CHANGE OF ADDRESS 

Honorable Commissioner of Patents and Trademarks 
Washington, D.C. 20231 

Sir: 

Effective immediately, please note our new correspondence address 

and telephone/fax numbers as follows: 

Miles & Stockbridpe P.C. 
1 751 Pinnacle Drive 
Suite 500 

McLean, VA 22102-3833 
Telephone: 703-903-9000 
Fax: 703-610-8686 

Respectfully submitted, 



MILES & STOCKBRIDGE P.C. 



Date: July 23. 2001 




1751 Pinnacle Drive - Suite 500 
McLean, VA 22102-3833 
Tel.: 703/903-9000 
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